Maze Ransomware Claims Attack on Xerox Corporation

Xerox inked with data leak incident

• In June, Maze ransomware operators had targeted the Xerox Corporation and had stolen more than 100 GB of files before encrypting them.
• As a proof of hack, Maze group published a set of 10 screenshots, showing their network shares on the domain eu.xerox[.]net, a ransom note, and the directory listings from June 24, which suggested that the attackers had access to those networks till June 25, 2020.
• Maze ransomware operators had already included the name of Xerox in the list of the victims published on their leak site on June 24.

A busy threat monger

• Within the last week of June, Maze operators added names of several organizations as their victims, including VT San Antonio Aerospace, a few Club Fitness franchises in Missouri, WorldNet Telecommunications, Caldwell Toyota, Ostermeier FZE, OWL Underwriting, VirtualGuard, Manson Construction Co., Innotech-Execaire, and CPFL networks.
• In the end of June, Maze operators had leaked the data of several victim organizations including LG Electronics, that refused to pay the ransom. Along with that data, Maze gang also did some promotions by posting names of other targeted victims (Xerox being one of them), without posting and other details about the attack.

Interesting trend or a coincidence

• The group usually targets one high-profile or high-valued victim every week, like LG Electronics, Conduent, Pitney Bowes, Cognizant, and others.
• Several small or medium-sized firms are targeted on an almost daily basis, as per the additions made to its victim’s list.